Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
SSL (certbot error) after v2.9.0 container update
See original GitHub issueChecklist
- Have you pulled and found the error with
jc21/nginx-proxy-manager:latestdocker image? Yes, v2.9.0 - Are you sure you’re not using someone else’s docker image? Yes, using recommended docker-compose.yml. image: ‘jc21/nginx-proxy-manager:latest’
- If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? Website is accessible from outside and inside of my network.
Describe the bug
- A clear and concise description of what the bug is. After updating the container (docker-compose pull + up -d) there are multiple errors in the logs regarding SSL and certbot. Also renewing or creating new certs gives a internal error. Running on Pi4 OS Ubuntu server
At startup:
[5/6/2021] [10:25:17 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
An unexpected error occurred:
pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0'))
Please see the logfile '/tmp/tmppenzjqqk' for more details.
at ChildProcess.exithandler (node:child_process:326:12)
at ChildProcess.emit (node:events:369:20)
at maybeClose (node:internal/child_process:1067:16)
at Socket.<anonymous> (node:internal/child_process:453:11)
at Socket.emit (node:events:369:20)
at Pipe.<anonymous> (node:net:666:12)
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
At renewing cert (changed domain names for privacy):
[5/6/2021] [10:25:38 AM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via Cloudflare for Cert #26: *.domain.tld, domain.tld
[5/6/2021] [10:25:40 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --cert-name "npm-26" --disable-hook-validation
An unexpected error occurred:
pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0'))
Please see the logfile '/tmp/tmpj9ii4a7u' for more details.
[5/6/2021] [10:31:44 AM] [Nginx ] › ℹ info Reloading Nginx
[5/6/2021] [10:31:45 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates via Cloudflare for Cert #28: *.domain.tld, domain.tld
[5/6/2021] [10:31:52 AM] [Nginx ] › ℹ info Reloading Nginx
[5/6/2021] [10:31:53 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --cert-name "npm-28" --agree-tos --email "email@address.tld --domains "*.domain.tld,domain.tld" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-28"
An unexpected error occurred:
pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0'))
Please see the logfile '/tmp/tmpjrovn4qe' for more details.
Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[5/6/2021] [10:33:53 AM] [Nginx ] › ℹ info Reloading Nginx
sudo docker exec npm_app_1 cat /tmp/tmppenzjqqk:
2021-05-06 10:25:16,865:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1335, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File "/usr/lib/python3/dist-packages/certbot/plugins/disco.py", line 206, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File "/usr/lib/python3/dist-packages/certbot/plugins/disco.py", line 52, in __init__
self.plugin_cls = entry_point.load()
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2410, in load
self.require(*args, **kwargs)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2433, in require
items = working_set.resolve(reqs, env, installer, extras=self.extras)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 791, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0'))
2021-05-06 10:25:16,865:ERROR:certbot.log:An unexpected error occurred:
- What version of Nginx Proxy Manager is reported on the login page? v2.9.0
To Reproduce Steps to reproduce the behavior:
- Update to v2.9.0
- Renew or Create a certificate
- Internal Error
- Check logs
Expected behavior Expected to renew or create cert.
Screenshots If applicable, add screenshots to help explain your problem.
Operating System
- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error. Rapsberry Pi4 running Ubuntu Server
Distributor ID: Ubuntu Description: Ubuntu 20.10 Release: 20.10 Codename: groovy
Additional context Everything keeps working expect the creating or renewing certs.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Common Certbot Errors & Solutions - Webdock.io
Let's Encrypt Certbot sometimes kicks up a fuss. In this article we document the most commonly encountered errors and how to solve them....
Read more >Client on Debian 9 erroneously reports expired certificate for ...
For Debian 8 and 9, I just do that for updating cert on host and no longer have the error 60: SSL certificate...
Read more >Certbot + Nginx in Docker, error when creating certificate in ...
For context, this error would happen if Certbot was trying to create a renewal config for mydomain.com , but ./data/certbot/conf/live/mydomain.
Read more >Certbot error: Problem binding to port 80 | Linode Questions
This is a common CertBot error when using the Standalone plugin ( --standalone flag) during the certificate renewal/creation process.
Read more >How to Force-update Let's Encrypt Certificates - Traefik Labs
Read instructions to see if your Let's Encrypt certificates will be revoked, and how to update them for Traefik Proxy and Traefik ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Also mentioned in #999, working on it. Seems that debian does not provide a very good version of certbot.
There’s no harm downgrading to 2.8.1 for now.
v2.9.1 fixes this issue and is using the latest
certbotwith only onecertbotexecutable in the image. I have tested with LetsEncrypt but it’s not possible for me to test with each and everycertbotplugin, though I don’t foresee any problems as they are installed withpipat run time.